[Bug 1206712] New: CVE-2015-2774 Erlang/OTP is vulnerable to Poodle in its TLS-1.0 implementation
https://bugzilla.redhat.com/show_bug.cgi?id=1206712
Bug ID: 1206712 Summary: CVE-2015-2774 Erlang/OTP is vulnerable to Poodle in its TLS-1.0 implementation Product: Security Response Component: vulnerability Keywords: Security Severity: high Priority: high Assignee: security-response-team@redhat.com Reporter: fleite@redhat.com CC: erlang@lists.fedoraproject.org, gemi@bluewin.ch, lemenkov@gmail.com, rhbugs@n-dimensional.de, rjones@redhat.com, s@shk.io
It was reported upstream that Erlang/OTP is vulnerable to Poodle in its TLS-1.0 implementation. This vulnerability was assigned CVE-2015-2774.
References: http://www.erlang.org/news/85 http://openwall.com/lists/oss-security/2015/03/27/9
https://bugzilla.redhat.com/show_bug.cgi?id=1206712
Fabio Olive Leite fleite@redhat.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Depends On| |1206713 Depends On| |1206714
--- Comment #1 from Fabio Olive Leite fleite@redhat.com ---
Created erlang tracking bugs for this issue:
Affects: fedora-all [bug 1206713] Affects: epel-all [bug 1206714]
Referenced Bugs:
https://bugzilla.redhat.com/show_bug.cgi?id=1206713 [Bug 1206713] CVE-2015-2774 erlang: Erlang/OTP is vulnerable to Poodle in its TLS-1.0 implementation [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1206714 [Bug 1206714] CVE-2015-2774 erlang: Erlang/OTP is vulnerable to Poodle in its TLS-1.0 implementation [epel-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1206712
Richard W.M. Jones rjones@redhat.com changed:
What |Removed |Added ---------------------------------------------------------------------------- CC| |jeckersb@redhat.com
--- Comment #2 from Richard W.M. Jones rjones@redhat.com --- Adding Rabbit maintainer just FYI.
https://bugzilla.redhat.com/show_bug.cgi?id=1206712 Bug 1206712 depends on bug 1206713, which changed state.
Bug 1206713 Summary: CVE-2015-2774 erlang: Erlang/OTP is vulnerable to Poodle in its TLS-1.0 implementation [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1206713
What |Removed |Added ---------------------------------------------------------------------------- Status|ON_QA |CLOSED Resolution|--- |ERRATA
https://bugzilla.redhat.com/show_bug.cgi?id=1206712
--- Comment #3 from Fedora Update System updates@fedoraproject.org --- erlang-17.4-4.fc22 has been pushed to the Fedora 22 stable repository. If problems still persist, please make note of it in this bug report.
https://bugzilla.redhat.com/show_bug.cgi?id=1206712
--- Comment #4 from Fedora Update System updates@fedoraproject.org --- erlang-17.4-4.fc21 has been pushed to the Fedora 21 stable repository. If problems still persist, please make note of it in this bug report.
https://bugzilla.redhat.com/show_bug.cgi?id=1206712
Fedora Update System updates@fedoraproject.org changed:
What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |ON_QA
--- Comment #5 from Fedora Update System updates@fedoraproject.org --- erlang-17.4-5.fc23 has been pushed to the Fedora 23 testing repository. If problems still persist, please make note of it in this bug report.\nIf you want to test the update, you can install it with \n su -c 'yum --enablerepo=updates-testing update erlang'. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/erlang-17.4-5.fc23
https://bugzilla.redhat.com/show_bug.cgi?id=1206712 Bug 1206712 depends on bug 1206713, which changed state.
Bug 1206713 Summary: CVE-2015-2774 erlang: Erlang/OTP is vulnerable to Poodle in its TLS-1.0 implementation [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1206713
What |Removed |Added ---------------------------------------------------------------------------- Status|CLOSED |ON_QA Resolution|ERRATA |---
https://bugzilla.redhat.com/show_bug.cgi?id=1206712
Tomas Hoger thoger@redhat.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Status|ON_QA |NEW
https://bugzilla.redhat.com/show_bug.cgi?id=1206712
--- Comment #6 from Fedora Update System updates@fedoraproject.org --- erlang-17.4-5.fc23 has been pushed to the Fedora 23 stable repository. If problems still persist, please make note of it in this bug report.
https://bugzilla.redhat.com/show_bug.cgi?id=1206712 Bug 1206712 depends on bug 1206713, which changed state.
Bug 1206713 Summary: CVE-2015-2774 erlang: Erlang/OTP is vulnerable to Poodle in its TLS-1.0 implementation [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1206713
What |Removed |Added ---------------------------------------------------------------------------- Status|ON_QA |CLOSED Resolution|--- |NEXTRELEASE
https://bugzilla.redhat.com/show_bug.cgi?id=1206712
--- Comment #7 from Fedora Update System updates@fedoraproject.org --- erlang-R16B-03.11.el7 has been pushed to the Fedora EPEL 7 stable repository. If problems still persist, please make note of it in this bug report.
https://bugzilla.redhat.com/show_bug.cgi?id=1206712 Bug 1206712 depends on bug 1206714, which changed state.
Bug 1206714 Summary: CVE-2015-2774 erlang: Erlang/OTP is vulnerable to Poodle in its TLS-1.0 implementation [epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=1206714
What |Removed |Added ---------------------------------------------------------------------------- Status|ON_QA |CLOSED Resolution|--- |NEXTRELEASE
erlang@lists.fedoraproject.org
-
Red Hat Bugzilla